English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.10.2022.0478
Kategorie:Mageia Linux Local Security Checks
Titel:Mageia: Security Advisory (MGASA-2022-0478)
Zusammenfassung:The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2022-0478 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2022-0478 advisory.

Vulnerability Insight:
This kernel-linus update is based on upstream 5.15.82 and fixes at least the
following security issues:

A flaw was found in the Linux kernel. A denial of service flaw may occur
if there is a consecutive request of the NVME_IOCTL_RESET and the
NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting
in a PCIe link disconnect (CVE-2022-3169).

A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious
L1 guest could purposely fail to intercept the shutdown of a cooperative
nested guest (L2), possibly leading to a page fault and kernel panic in
the host (L0) (CVE-2022-3344).

A vulnerability has been found in Linux Kernel function kcm_tx_work of the
file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race
condition (CVE-2022-3521).

An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel
driver, potentially leading to random memory corruption or data leaks. This
flaw could allow a local user to crash the system or escalate their
privileges on the system (CVE-2022-4139).

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in
how a user changes certain kernel parameters and variables. This flaw
allows a local user to crash or potentially escalate their privileges on the
system (CVE-2022-4378).

A race condition in the x86 KVM subsystem in the Linux kernel allows guest
OS users to cause a denial of service (host OS crash or host OS memory
corruption) when nested virtualisation and the TDP MMU are enabled
(CVE-2022-45869).

For other upstream fixes in this update, see the referenced changelogs.

Affected Software/OS:
'kernel-linus' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2022-3169
[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update
https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html
https://bugzilla.kernel.org/show_bug.cgi?id=214771
Common Vulnerability Exposure (CVE) ID: CVE-2022-3344
https://bugzilla.redhat.com/show_bug.cgi?id=2130278
https://lore.kernel.org/lkml/20221020093055.224317-5-mlevitsk@redhat.com/T/
Common Vulnerability Exposure (CVE) ID: CVE-2022-3521
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec7eede369fe5b0d085ac51fdbb95184f87bfc6c
https://vuldb.com/?id.211018
https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-3643
http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html
https://xenbits.xenproject.org/xsa/advisory-423.txt
http://www.openwall.com/lists/oss-security/2022/12/07/2
Common Vulnerability Exposure (CVE) ID: CVE-2022-4139
https://bugzilla.redhat.com/show_bug.cgi?id=2147572
https://www.openwall.com/lists/oss-security/2022/11/30/1
Common Vulnerability Exposure (CVE) ID: CVE-2022-4378
http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html
https://bugzilla.redhat.com/show_bug.cgi?id=2152548
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch
https://seclists.org/oss-sec/2022/q4/178
Common Vulnerability Exposure (CVE) ID: CVE-2022-45869
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=47b0c2e4c220f2251fd8dcfbb44479819c715e15
CopyrightCopyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.